IDS mailing list archives
Re: Linux/*nix open source IDS
From: Matt.Carpenter () alticor com
Date: Tue, 12 Aug 2003 12:27:33 -0400
Snort is my personal favorite. It is capable of both HIDS and NIDS, with signature updates reasonably easily pulled and applied. But it is very different in nature from Tripwire. AFAIK Tripwire is more a "System File IDS" which creates a hash of files and compares to check for differences. Snort watches for bad traffic, and then either alerts or takes other actions, which allows it to act as an IDP solution of sorts. Definitely not as beautiful as a GUI from some vendor like NetScreen, but there are those available as well.

Hello, I am interested in implementing an open source IDS for a Linux/*nix system and have been looking into various different ones and the sort of critiques they have received. Some of the products I am considering are Tripwire, AIDE, Samhain, Integrit, and Osiris. Because I had not been able to find very much commentary about such packages (except for Tripwire), I would like to ask what sort of experiences anyone has had with them and how they compare with one another. Alternatively, if you can point me to where I can find such information, that would also be much appreciated.

Since the choice of an IDS depends on the system it is used to monitor, I should say I am presently just looking for something to protect my stand-alone Linux box, but I would like to learn what works for larger systems running any sort of *nix.